Responsible disclosure

If you find a security issue, please report it privately instead of posting exploit details publicly. Include the affected route/component, reproduction steps, impact, and any relevant logs or screenshots.

Contact: security@appassist.ai

We will prioritize reports involving authentication bypass, node-token compromise, forged work packets, admin access, data leakage, unrestricted resource consumption, or worker safety issues.